I am trying to complete a long-polling call to a subdomain. The problem is that I need to send the request to a subdomain (sub.example.com) from example.com.
I am using the following code:
$.ajax({
url: 'https://sub.example.com/sub',
cache: false,
headers: {
'If-None-Match': etag,
'If-Modified-Since': last_modified
},
success: function(data, status, headers) {
// success handler
},
error: function(headers, status, errorThrown) {
// error handler
}
});
Again, this piece of code is not placed on the same domain. It is placed on example.com.
The problem here is that the browser is first sending a OPTIONS request, and if the server response is OK, it will continue with the GET request (which is what we want). However, I would like to avoid this first OPTIONS request by all means.
Is there anything I can change in the server setup that would allow this to happen?
Using datatype "jsonp" is not an option.
Your cross-origin request is a non-simple cross-origin request because you include the non-simple headers If-None-Match and If-Modified-Since. Browsers send an OPTIONS preflight request to get permission to send non-simple headers to a cross-origin resource before sending the actual request.
If you don't want the browser to send an OPTION preflight during a cross-origin request, you must remove any components that make it non-simple, including non-simple headers. The preflight request is a requirement imposed by the browser, not the server. There is no way for the server to tell the browser that it does not care if the server uses a preflight request, because the preflight request always comes first, so the first opportunity the server has to communicate with the server is in the response to the preflight request itself. (obviously, at that point, it's too late to say it doesn't need a preflight request.)
For more information about preflight mechanics, you can read over the HTML5 Rocks page on CORS and the "Non-simple requests" section of my answer on How does Access-Control-Allow-Origin header work?